OWASP Periodic Table of Vulnerabilities - XML Injection
Root Cause Summary
XML documents are generated by including dynamic data without proper encoding.
Browser / Standards Solution
Generic Framework Solution
The framework should provide safe libraries for constructing and manipulating XML documents that automatically encode all dynamic data. The framework should disallow any direct access to raw XML.
Custom Framework Solution
Custom Code Solution
Discussion / Controversy
Cross-Site Scripting / HTML Injection is a special case of XML injection.